Phishing scam hits Steam

For those of you on Steam or involved in the Steam community, beware! Phishers are out for your account.

Phishing is internet slang for a scam designed to copy down your login information and password. Often times you will be given a link that leads to a web page identical to one you visit often, like myspace, facebook, or Steam, and it will ask for your password. As soon as you enter your password, it is sent to whoever is running the scam, and they can log into your account and change the password to whatever they want, effectively locking you out.

A widespread phishing scam has hit the Steam community and dozens of users are getting their accounts stolen. Exactly why this is occuring isn't clear, but we can all guess the usual reasons: hackers are bored, someone wants to prove they have a big something, or people are just being dicks.

Regardless of the reasons behind it, a few things you should know:

Never, ever, give your Steam password to someone. A Steam support ticket will not ask you for your password. Steam admins do not need to know it in order to help or ban you. No one, short of yourself, will ever need the Steam password.

This scam is particularly malicious because it is not bot-driven. Many phishing programs are user-free; scripts running in HTML can do the trick. This particular con seems to be centered around the same group of people who actually attempt to convince you of things. If anyone asks you to join their Steam group or community page and gives you a link, grill them on details. Make damn sure that they are who they say they are. If you have a lot of friends you don't know very well on your list, just don't click any links they send you until these guys are put down.

A big problem with this scam is that if you are in-game, the Steam user interface will show the community page without the URL visible. Phishing can be picked out if the URL you visit is slightly different to the one you were expecting to see. As a result, people honestly believe that they are being sent a link to a Steam community page that requires yet another login.

Big hint there. Steam won't ask you to login to the community pages unless you are offline, signed off of friends, or trying to get into the forums. Watch out!

To be honest, a lot of good gamers I know have fallen prey to this one. For the time being, it's probably safest not to click any links people send you over Steam friends. In fact, just don't send each other links if you can help it.

If you're the guys running this: Find a better way to prove you're tough than messing with people's accounts. Nobody cares, grow up, and get a job, dammit.

Update:

Just now released on multiple forums: the phishers are claiming to be either your friends, clan-mates, or fellow players. Their MO is to ask you to click a link in order to join something so they can get a free server, or to click the link so they can get your support for a Steam ticket. Do not, under any circumstances, listen to someone asking you to help them get a free server. No server host will allow a free server based simply on having a big group in the Steam community.